Data Leakage – A Serious Issue in the Healthcare and Pharma Industries

Contact Us

Contact Us

[contact-form-7 404 "Not Found"]

Have you ever blackmailed your sibling about telling your mother how they broke her favorite flower vase? Then you might surely know how your knowledge over someone else’s information can put you at an advantage.

We are living in an era where information is valued as if it was a precious stone. You might have seen that once you search for a refrigerator (or any commodity) in your smartphone, you will start receiving advertisements for similar items in other applications. Your data is being used by so many parties to give you a hassle-free approach in buying an item or even setting suggestions for videos on YouTube. All these are examples of data usage where the users allow their data to be used for such purposes. But there are instances where unauthorized use of data occurs, which in turn leads to privacy concerns.

While you are online on the internet there will be times where you are required to share your details like name, age, email ID, and so on. You might see this while buying an item from an online shopping store, or while registering for a webinar. These are just two of the hundreds or thousands of instances where you are required to furnish your details.

Do you have 100% confidence that these websites treat the details that you provide, with utmost diligence to maintain their confidential nature? Even if handled properly, are they able to store these data securely, without sacrificing the user’s privacy and confidentiality?

Cost of Data Breach Report 2020 can better answer the questions above. The report is the end result of the researches conducted by the Ponemon Institute and is sponsored and published by IBM Security. The report contains the institute’s findings from 524 organizations that had experienced data breaches over the period between August 2019 and April 2020. To diversify the area of study, it was conducted over 17 countries, covering 17 different industries, where 3200 individuals were interviewed. This is the 15th year that the institute is conducting this study, and the report has now become one of the benchmark tools in the cybersecurity industry. The report offers companies an opportunity to identify the factors and control the cost of a data breach. The importance of this report itself is the reason why its findings should be considered essential.

The average cost of a breach in all industries was found to be $3.86 million. The cost of a breach in the healthcare industry is at an alarming rate of around $7.13 million, placing it at the top of the list of the industries present in this report. With the average cost of a breach at $5.06 million, the pharmaceutical industry follows healthcare in fourth place. Compared to the report in 2019 there has been an increase in the cost of a breach for three, out of the 17 industries. The healthcare industry comes among these three with the data breach cost increased at a rate of 10.5% from the previous year.

Considering all these facts into the picture, it is safe to say that the healthcare and pharmaceutical industries are the primary victims of data leakage issues.

Like any other sector, the healthcare domain is also moving along the path of digitalization. It is much easier now for medical practitioners to study the medical records of their patients. Also, patients can interact in a better way with doctors and hospitals to get their health queries resolved on time. The advent of digitalization in the pharmaceutical sector has also helped patients to identify good and cost-effective alternatives for many drugs. While it can be said that digitalization in the healthcare and pharmaceutical industries has made life easier, it also unintentionally paved the way for cybersecurity criminals to access private information.

In a cybersecurity event that was held a few years back, a senior official of the Russian cybersecurity firm Kaspersky had added his views on the cybersecurity issues in the health and pharma sector. The previously mentioned sectors were already taking a cybersecurity hit in the west but the trend has followed to the Asia-Pacific (APAC) region.

Among the countries in the region Singapore, the technology and business hub of Asia was struck worse. In 2018 cybersecurity criminals hacked into Singapore’s health database and stole the personal data of almost 1.5 million people, including the outpatient medicine details of the country’s Prime Minister itself. The country was put under pressure again in 2019 when its HIV registry data was leaked online. The confidential data that was leaked contained the details of 14,000 people diagnosed with HIV until January 2013, including foreigners.

In a recent report, private data of prescription drug users in the USA was exposed as a result of the data breach that occurred in the U.S. pharma giant Pfizer. Cybersecurity firm vpnMentor comments that the data breach occurred due to the company’s unsecured cloud storage. vpnMentor found that the conversations between Pfizer’s automated customer support software and their prescription drug users could be compromised. Personal Identifiable Information (PII) of customers such as their full name, home address, email address, phone number, and partial details of health and medical status was exposed as a result of this leak.

All these events point to the fact that stringent security measures must be adopted to arrest such data leakage occurrences. Hacking and IT incidents, improper disposal of protected health information (PHI), records or equipment getting lost that contains sensitive information, records or equipment being stolen that contains sensitive information, information being accessed and disclosed without proper authorization, are the most common factors that contribute to data leakage in the healthcare industry. Based on willful neglect and the effort to adopt corrective actions HIPAA has identified four tiers of penalties, with tier four being the highest degree of negligence and has the highest penalty.

To avoid such data leakages and to be exempted from the penalties, healthcare organizations and their business partners must become HIPAA compliant. Adopting a data security framework such as the HITRUST community security framework (CSF) ensures data security and HIPAA and HITECH compliance.

Similar instances can be found in the pharmaceutical industry also. Regulations like GDPR and CCPA require companies to respect and ensure the privacy of individuals. Hence a data leakage issue can incur hefty fines on the companies. A solution in this regard would be the early and timely adoption of an effective vendor management system. A third-party organization can be approached for vendor assessments so that operational costs can be reduced and internal resources can be channeled to other processes. The vendor must be able to generate liability and risk evaluation reports where the company can review them and take necessary measures.

Communication of healthcare and pharma employees through unsecured channels also increases the chances of confidential information being leaked to someone outside the organizational structure. Adopting a HIPAA secure messaging solution will bring down the chances of employees leaking such sensitive data. Ensuring WhatsApp HIPAA compliance and WeChat HIPAA compliance can also help restrict any malpractice that can take place through IM applications. WhatsApp archiving and WeChat archiving can help companies maintain a record of their employees’ communication, reducing compliance risks.

About TeleMessage

TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice archiving data storage vendor.

Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:

TeleMessage offers cross-carrier and international mobile text & calls archiving for corporate and BYOD phones. Visit our website at to learn more about our mobile archiving products.

Skip to content